In return for receiving their flight rewards, hackers are forbidden from revealing the nature of the security holes they discovered.

“We believe that this program will further bolster our security and allow us to continue to provide excellent service,” United said on its website.

The company declined to comment further.

A million award miles could pay for dozens of internal flights in the US

“It’s not always about hackers digging around looking for flaws. A hacker may be using a service and notice something a bit off,” said Dr Barker.

“We all benefit if they look into that,” she added.

Some critics of bug bounties say they can discourage companies from hiring professional security staff, because it’s cheaper to offer hackers cash for disclosing bugs.

Dr Barker disagrees: “It should be part of an overall approach to security, but it’s definitely a good approach.

“It encourages positive behaviour and shows young hackers that they can benefit from doing the right thing.

“Bounties can also benefit smaller companies who can’t afford to give out cash rewards but can offer free products or services, so I hope we’ll see more and more bug bounties,” she said. – With BBC News